Login

Juniper Junos Corrupt pam.conf Security Bypass (JSA10707)

Medium Nessus Plugin ID 86608

Synopsis

The remote device is missing a vendor-supplied security patch.

Description

According to its self-reported version number, the remote Juniper Junos device is affected by a security bypass vulnerability due to the 'fail-open' behavior of the pam.conf file. A local attacker can exploit this, by modifying or corrupting the pam.conf file, to gain unauthenticated root access to the device.